Privacy Pool
—
shielded notes
Merkle Root
—
Poseidon depth-20
Oracle Feeds
—
loading…
Wallet
Not connected
—
🔐
Anonymous Deposit
Only a Poseidon commitment lands on-chain — no amount, no identity
$
🛡 What stays private
• Your wallet is never linked on-chain to the deposit
• Amount is hidden inside H(secret, asset, amount)
• Secret generated browser-side and never sent to the server
• Your note is indistinguishable from all other pool notes
🗒
Your secret note appears here
After a successful deposit you receive a secret note.
It is the only way to withdraw — treat it like a private key.
It is the only way to withdraw — treat it like a private key.
⚠️
Save This Note — It Cannot Be Recovered!
Store it offline (print, USB, password manager). Losing it means permanent loss of access. Anyone who has it can withdraw your funds.
Commitment (on-chain leaf)
Nullifier (spend key)
📤
Shielded Withdrawal
Noir ZK proof proves ownership — destination is unlinkable to depositor
Note format:
srwa:v1:ASSET:AMOUNT:SECRET:COMMITMENT:NULLIFIER
Withdrawal Pipeline
-
1
Parse noteExtract secret, asset, amount, nullifier
-
2
Fetch Merkle proofLocate commitment in Poseidon tree
-
3
Generate Noir ZK proofProves membership without revealing which note
-
4
Submit & burn nullifierContract verifies proof, marks nullifier spent
Noir Circuit: withdraw.nr
Private inputs: secret, asset_id, amount, merkle_path[20], path_indices[20]
Public inputs: merkle_root, nullifier, destination
Hash: Poseidon2 (BN254, matches Cairo & off-chain tree)
—
Current Merkle Root
—
Tree Depth
20
1,048,576 leaf capacity
Hash Function
Poseidon2
BN254 · ZK-native · matches Noir & Cairo
Live Commitment Feed
Real-time via WebSocket
No deposits yet — be the first to shield a position.
How the Privacy Layer Works
🔐
1. Deposit
Browser generates secret = random(31 bytes).
Poseidon2 computes commitment = H(secret, asset, amount)
client-side. Only the commitment is submitted. The secret never leaves your device.
deposit.nr circuit verifies the hash
🌳
2. Merkle Accumulation
Each commitment is a leaf in the depth-20 Poseidon Merkle tree on-chain.
The backend syncs every Deposit event and maintains an off-chain mirror
for fast Merkle proof generation. Your note is indistinguishable from all others.
Cairo: poseidon_hash_span
🔮
3. ZK Withdrawal
withdraw.nr proves: (a) your commitment is in the tree,
(b) your nullifier is correct — without revealing which leaf.
The Garaga verifier checks the Noir proof on-chain, then burns the nullifier.
Garaga on StarkNet verifies Barretenberg proofs
Check Nullifier Status
Verify whether a nullifier has been spent on-chain (query the ShieldedRWAVault contract directly).